BOa noite amigo, fui dar uma scaneada na minha máquina ontem a noite fiquei surpreso qdo o kapersky achou 28 trojans. removi pelo kapersky, mas como não confio 100% nestes antivírus. gostaria que dessem uma avaliada nestes logs que eu gerei.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:54, on 16/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SuNotification] C:\Arquivos de programas\ShadowStor\ShadowUser\suatshut.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ShadowUser Pro Edition.lnk = C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5579 bytes
e o log do findikyll:
############################## [ FindyKill V4.724 ]
# User : Fabio (Administradores) # FABIO
# Update on 15/04/09 by Chiquitine29
# Start at: 12:07:25 | 16/6/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# AMD Athlon(tm) 64 Processor 3200+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Kaspersky Internet Security 7.0.1.325 [ Enabled | Updated ]
# FW : Kaspersky Internet Security[ Enabled ]7.0.1.325
# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 64,76 Go (51,58 Go free) # NTFS
# D:\ # Disco CD-ROM
# E:\ # Disco fixo local # 9,77 Go (9,72 Go free) # NTFS
# F:\ # Disco removível # 3,81 Go (1,37 Go free) [KINGSTON] # FAT32
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]
################## [ C:\WINDOWS\System32... ]
################## [ C:\Documents and Settings\Fabio\Dados de aplicativos ]
################## [ C:\Documents and Settings\Fabio...\Temp Files... ]
################## [ Registry / Infected keys ]
################## [ Searching in removable drives ]
# Presence of files :
Found ! E:\autorun.inf
Found ! F:\autorun.inf
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ ! End of report # FindyKill V4.724 ! ]
![mendesfs](https://www.hardware.com.br/static/c/avatars/l/430/430725.jpg)
mendesfs
Membro Senior
Registrado
195 Mensagens
1 Curtida